Re: Network bottleneck

Chag · ‎06-12-2022

I am not a Network admin, but recently I was forced to manage couple of Cisco Catalyst 3850-48T-E Switches and Cisco ASA 5515 firewalls. This network is working fine from past 6 years without any issues, but from past 1 week we are noticing network bottlenecks. If I try to download one/two files of 5-6GB we are facing packet drops to this network. As per my knowledge there is QoS traffic prioritization in place(I have no idea how to implement). In this datacenter we just test our product which will be mostly https calls from outside, file tranfers using SFTP & onedrive.

Can someone please help me in finding the root cause?

MHM Cisco World · ‎06-12-2022

can you share the output for this commend in both
inside and outside of ASA

show interface

Chag · ‎06-12-2022

My comment of output of show interface, if getting deleted automatically, let me know how can I share it.

MHM Cisco World · ‎06-13-2022

underruns error see in IN of ASA,
meaning that Core SW send more data that ASA can not handle it,
no change in your network but the user/server is increase or some new subnet is add make this happened.
you need to QoS to slow down sending data from Core.

Chag · ‎06-15-2022

There is no change in subnet or machines inside the network. we don’t see any drops happening inside the network. Packet drops only happens if our bandwidth limit has reached from outside. I am downloading a single file from Apple iOS firmware, single download is consuming total bandwidth.

I followed this document and tried to implement QoS on ASA, attached the screenshot please let me know if this settings work to limit the bandwidth usage. Else please suggest your suggestions.

MHM Cisco World · ‎06-15-2022

flowcontrol send on

can you add this commend to Inside interface before you apply QoS ??

Flavio Miranda · ‎06-12-2022

Hi

As you memtion that it started few days ago, would be really helpful for you identify what have changed on the network this days

By identifying this, would be much easier for you to identify the root cause.

This could be a problem in one of the device the same way this could be no problem at all and you just need to hire a faster link.

Also, check devices CPU. Memorey. Error in interface.

Chag · ‎06-12-2022

No changes made recently.. Device CPU & Memory looks normal

Flavio Miranda · ‎06-13-2022

If somthing diffetent happens, something had changed, not necessarilly configuration. But I know isnt easy map this events.

Also keep in mind that the problem can also be on the destination when it comes to download.

Leo Laohoo · ‎06-12-2022

On the switch, post the complete output to the command "sh version".

Chag · ‎06-13-2022

Please find the attachment

Georg Pauwen · ‎06-13-2022

Hello,

Gibraltar-16.12.7 MD is the recommended release, you could try and upgrade, but there is no guarantee this will solve your problem. Do you have an idea what the QoS looks like on your devices ? If possible, post the output of 'sh run' of the ASA and the switch(es)...

Chag · ‎06-15-2022

Upgraded switch to recommended version, but still the same issue. As per the our policy I can't share runing configs.

Georg Pauwen · ‎06-15-2022

Hello,

in order to find out if the firewall or the switches are the bottleneck, I would connect a PC or laptop directly to a port on the firewall. Check what happens, and if there are any drops. If that is the case, we can focus on the firewall...

Georg Pauwen · ‎06-13-2022

Hello,

it would also be helpful to see the actual QoS config. Do you know if QoS is implmeneted on the ASA, the 3850s, or both ?

Also, six years sounds like a long time. Has there ever been a software upgrade performed ? Post the output of 'sh ver' from both the ASA as well as the 3850s...